Hi David,

I'm not sure about that. I haven't figured out why the credentials have to be in cleartext, but that was the only way I got syncrepl working, since I tried it with SSHA or MD5 prefixes.
Did you try that in cleartext?

just my two bucks and a half
benjamin

On Wed, Mar 10, 2010 at 10:01, DeMoNs@web.de <DeMoNs@web.de> wrote:
Hi all,

I have a problem getting OpenLDAP to run the monitor backend AND the syncrepl
overlay.
I'm running freebsd-7.2-release-p6 in combination with
openldap-server-2.4.19 with SASL support compiled in.

I use the following slapd config:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /usr/local/etc/openldap/schema/ldapns.schema
include         /usr/local/etc/openldap/schema/radius.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
logfile         /var/log/slapd.log

password-hash   {SSHA}
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb
moduleload      back_monitor

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
       by ssf=128 dn="cn=admin,dc=example,dc=de" write
       by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
       by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
       by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
       by anonymous auth
       by * none
access to attrs=userPassword
       by self write
       by anonymous auth
       by * none

database        bdb
suffix          "dc=example,dc=de"
rootdn          "dc=example,dc=de"
directory       /var/db/openldap-data
index   objectClass,entryCSN,entryUUID    eq
index   uid    pres,eq,sub
index   memberUID    eq
index   uidNumber,gidNumber    eq
index   host    eq

database        monitor
rootdn          "cn=monitoring,cn=Monitor"
rootpw          monitoring

access to dn.subtree="cn=Monitor"
       by dn="cn=nssadmin,dc=example,dc=de"
       by * none

syncrepl rid=041
       provider=ldap://ldap-master.example.de
       type=refreshOnly
       interval=00:00:35:00
       searchbase="dc=example,dc=de"
       schemachecking=off
       bindmethod=simple
       starttls=yes
       binddn="cn=syncuser,dc=example,dc=de"
       credentials="strongsecretpassword"

TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem

loglevel 256

Now, when I run slaptest I receive the following error:

/usr/local/etc/openldap/slapd.conf: line 59: database monitor does not
support operations required for syncrepl
slaptest: bad configuration file!

Line 59 corresponds to the credentials option in the syncrepl statement.
I can't figure out what's wrong, so if anyone can point me in the right
direction that would be really helpful.

thanks in advance,
david



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
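
Added example, not part of the original thread and not OpenLDAP code: in slapd.conf a syncrepl directive belongs to the most recent "database" line above it, and the string in credentials= is what the consumer sends in its simple bind, so this small lint reports both conditions discussed above. The function names, the trimmed sample configs (constructed from the posted one) and the list of backends treated as replicable are assumptions.

```python
import re

# Assumption: backends that can hold replicated data (monitor cannot).
REPLICABLE = {"bdb", "hdb", "mdb"}
HASH_PREFIX = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}, {MD5}

def logical_lines(text):
    """Yield (first_line_no, joined_text); indented lines continue the previous one."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # simplification: blank and comment lines are skipped
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def lint_slapd_conf(text):
    """Return [(line_no, message)] for syncrepl directives that need attention."""
    findings, backend = [], None
    for no, line in logical_lines(text):
        key, _, rest = line.partition(" ")
        if key.lower() == "database":
            backend = (rest.split() or ["?"])[0].lower()
        elif key.lower() == "syncrepl":
            if backend not in REPLICABLE:
                findings.append((no, f"syncrepl is attached to database '{backend}'"))
            cred = re.search(r'credentials="?([^"\s]+)', rest)
            if cred and HASH_PREFIX.match(cred.group(1)):
                findings.append((no, "credentials carry a hash prefix; "
                                     "a simple bind sends this string as the password"))
    return findings

# Constructed sample input, trimmed from the configuration in the thread.
BDB = 'database bdb\nsuffix "dc=example,dc=de"\n'
MONITOR = 'database monitor\nrootdn "cn=monitoring,cn=Monitor"\n'
SYNCREPL = ('syncrepl rid=041\n'
            '       provider=ldap://ldap-master.example.de\n'
            '       bindmethod=simple\n'
            '       binddn="cn=syncuser,dc=example,dc=de"\n'
            '       credentials="strongsecretpassword"\n')
AS_POSTED = BDB + MONITOR + SYNCREPL   # syncrepl follows "database monitor"
REORDERED = BDB + SYNCREPL + MONITOR   # syncrepl inside the bdb section

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, lint_slapd_conf(conf))
```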